A patch to fix VU#180065 vulnerability in 0.1.0-0.8.14.
The patch is not required for versions 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.
nginx has a security vulnerability that affects versions 0.1.0-0.8.14,
except 0.8.16+, 0.7.62+, 0.6.39+, 0.5.38+.
wget http://sysoev.ru/nginx/nginx-0.7.62.tar.gz
tar zxvf nginx-0.7.62.tar.gz
cd nginx-0.7.62
Disable debug mode to reduce the size of nginx
vi auto/cc/gcc
# jump to the last few lines with Shift+G
# comment out this line
#CFLAGS="$CFLAGS -g"
Disguise the Server header
vi src/core/nginx.h
#define NGINX_VERSION "1.2"
#define NGINX_VER "C1GWS/" NGINX_VERSION
Compile
./configure --user=www --group=website --prefix=/opt/nginx --with-http_stub_status_module --with-http_ssl_module
make
# no need to run make install
Back up the original file
mv /opt/nginx/sbin/nginx /opt/nginx/sbin/nginx.old
Copy the new file
cp objs/nginx /opt/nginx/sbin/nginx
Check the configuration file
/opt/nginx/sbin/nginx -t
If your configuration file is from 0.6.x, there will be 2 errors
[warn]: the "optimize_server_names" directive is deprecated, use the "server_name_in_redirect" directive instead in /opt/nginx/conf/nginx.conf:36
[emerg]: "server_name_in_redirect" directive is duplicate in /opt/nginx/conf/nginx.conf:37
configuration file /opt/nginx/conf/nginx.conf test failed
[warn]: duplicate MIME type "text/html" in /opt/nginx/conf/nginx.conf:63
the configuration file /opt/nginx/conf/nginx.conf syntax is ok
configuration file /opt/nginx/conf/nginx.conf test is successful
Remove server_name_in_redirect and text/html from nginx.conf
optimize_server_names off;
server_name_in_redirect off;
gzip_types text/plain application/x-javascript text/css application/xml;
Rename the pid file and start the new pid
# the ` key is at the top left of the keyboard
kill -USR2 `cat /dev/shm/nginx.pid`
Quit the old nginx
kill -QUIT `cat /dev/shm/nginx.pid.oldbin`
Upgrade complete!
curl -I localhost
HTTP/1.1 200 OK
Server: C1GWS/1.2
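The same upgrade as a guarded script, as an added example that is not part of the original post: needs_fix encodes the affected range stated at the top, and swap_binary runs the steps above but tests the configuration with the freshly built binary before the installed one is replaced. The function names and the sample version 0.6.35 are assumptions made for this example; the paths in the usage comment are the post's.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# needs_fix VERSION: exit 0 if VERSION is affected according to the post
# (0.1.0-0.8.14, minus the fixed releases 0.7.62+, 0.6.39+, 0.5.38+),
# 1 if it is not, 2 if the string is not a plain x.y.z version.
needs_fix() {
    case $1 in ''|*[!0-9.]*|.*|*..*|*.) return 2 ;; esac
    nf_ifs=$IFS; IFS=.; set -- $1; IFS=$nf_ifs
    [ $# -eq 3 ] || return 2
    [ "$1" -eq 0 ] || return 1
    case $2 in
        1|2|3|4) return 0 ;;        # the post lists no fixed release for these branches
        5) [ "$3" -lt 38 ] ;;
        6) [ "$3" -lt 39 ] ;;
        7) [ "$3" -lt 62 ] ;;
        8) [ "$3" -le 14 ] ;;
        *) return 1 ;;
    esac
}

# swap_binary NEW_BIN INSTALLED_BIN PIDFILE: the post's upgrade steps, except
# that the configuration is tested with the new binary BEFORE the swap.
swap_binary() {
    sb_new=$1 sb_cur=$2 sb_pid=$3
    "$sb_new" -t || return 1                    # an old config may not parse (the 0.6.x errors)
    mv "$sb_cur" "$sb_cur.old" || return 1      # keep the old binary for rollback
    cp "$sb_new" "$sb_cur" || return 1
    kill -USR2 "$(cat "$sb_pid")" || return 1   # old master starts a new master
    sb_i=0
    # the old master renames its pid file to .oldbin; the new master writes a fresh one
    until [ -s "$sb_pid.oldbin" ] && [ -s "$sb_pid" ]; do
        sb_i=$((sb_i + 1))
        [ "$sb_i" -le 10 ] || return 1          # new master never came up: leave the old one running
        sleep 1
    done
    kill -QUIT "$(cat "$sb_pid.oldbin")"        # graceful shutdown of the old master
}

# Usage with the post's paths, run from the nginx-0.7.62 source directory
# (0.6.35 is a constructed sample for the currently running version):
#   needs_fix 0.6.35 && swap_binary objs/nginx /opt/nginx/sbin/nginx /dev/shm/nginx.pid
```

Once NGINX_VER has been changed as above, neither the Server header nor nginx -v reports the real release, so the version passed to needs_fix has to come from your own build records.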